Wednesday, February 13, 2013

ESET Full System Scans are actually a waste of time.

We receive a number of complaints regarding the timing of weekly ESET scans and the length of time they take to complete, stating the computers are unusable while its in progress. Also, the currently weekly procedure is flawed in that users can easily circumvent scans if they are in the after hours scan group by taking their computer offline. We could force the scan, but those same users would be stuck at 8 AM waiting for their computer to finish scanning for ~2 hrs (we have a lot of old computers running WinXP that ESET really takes its time with).

We ran a report to find out how many threats are detected by the weekly OnDemand scan versus the other methods (Startup, Real-time, HTTP filter, Email filter). Using the Remote Administrator web interface, we charted a quick breakdown of the last 30 days:

Scanning tool detecting threats in the last 30 days.

The OnDemand scan didn't even appear on the chart. In fact, since we've been using ESET, exactly ZERO threats have been picked up by the OnDemand scan.

I certainly didn't expect that the full system scan was actually USELESS, but after doing some research we found that these tools work well enough to keep a full scan from being necessary. They protect everything going in and out of the computer as well as what's currently running. Even if there is a worm in a hidden system file or something like that, as soon as it tries to execute, the Real-time scan would flag it.

So I pushed the OnDemand scans to every six months. Now we simply inform everyone of the scan, telling them to leave their computers on, scan after hours. If a computer comes online that missed the scan, we would immediately enforce a scan. Ideally, I would have done away with them altogether, however it looks better procedurally to have something in place instead of nothing.

As a result, we've increased user experience and productivity while decreasing overhead for IT for a scan that is proven to have little/no positive effects.